Ethereal

Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco LMC352?
Google
 
Web Ethereal.com

Home | Introduction | Documentation | Lists | FAQ | Development | Wiki | Bugs

Main Index | Thread Index | Mailing Lists | | Date Prev | Date Next | Thread Prev | Thread Next

Ethereal-users: June 2002

 

I'm actually looking at both WEP and non-WEP traffic during my tests.  In
this case, though, I'm dealing with non-WEP.  Like I said, I can see the
strings in the data dump, but ethereal misinterprets the info.

My first guess is that the firmware is not current/old enough.  I've got
several different versions to test this weekend.  I'll post my results
later...

----- Original Message -----
From: "Joe Tomasone" <joe@xxxxxxxx>
To: "an ethereal user" <ethereal@xxxxxxxxxxx>; <ethereal-users@xxxxxxxxxxxx>
Sent: Friday, June 07, 2002 2:11 PM
Subject: Re: [Ethereal-users] Wireless sniffing - FreeBSD 4.5 + Cisco
LMC352?


>
> Is the AP using WEP?  WEP frames will show as LLC frames due to the fact
> that the AP manufacturers all violate the spec and do not tag WEP
encrypted
> frames with the proper privacy bit.
>
>
>          - Joe
>
>
>
> At 10:08 AM 6/7/2002, you wrote:
> >Howdy all...
> >
> >I have installed FreeBSD 4.5 on an old Compaq Armada for use as a
> >wireless sniffer.  I've been able to get my Cisco Aironet LMC352 into
> >monitor mode, ethereal 0.9.4 seems to talk to it, and I've also been
> >able to "stumble" with Kismet.
> >
> >The problem:  Ethereal doesn't decode the data packets properly.  All
> >packets that are not beacons or probes show up as "LLC" protocol
> >packets.  I've sniffed a web session from my other laptop and I saw the
> >URL and HTML in these "LLC" packets, so I know that my sniffer is
> >seeing 3rd party traffic, but I'd like to be able to see the high-level
> >protocol (IP, TCP) info, not just raw strings.
> >
> >(for the record)
> ># ethereal -v
> >ethereal 0.9.4, with GTK+ 1.2.10, with GLib 1.2.10, with libpcap 0.7,
> >with libz 1.1.3, with UCD SNMP 4.2.5
> >
> >Card type: Cisco LMC352
> >Hardware revision: 00:22
> >Firmware: 04:23
> >
> >If anyone else out there in TV land has had similar experiences, I'd
> >like to trade info.
> >
> >
> >_______________________________________________
> >Ethereal-users mailing list
> >Ethereal-users@xxxxxxxxxxxx
> >http://www.ethereal.com/mailman/listinfo/ethereal-users
>
>
>

Powered by MHonArc 2.6.10

Please send support questions about Ethereal to the ethereal-users[AT]ethereal.com mailing list.
For corrections/additions/suggestions for this web page (and not Ethereal support questions), please send email to ethereal-web[AT]ethereal.com.
Last modified: Fri, November 10 2006.
"Ethereal" and the "e" logo are registered trademarks of Ethereal, Inc.